From 379b548cdaa080c71b179ed8ffba1cdd8b24882a Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 1 Apr 2022 11:02:24 +0200 Subject: [PATCH 1/2] crypto: do not add undefined hash in webcrypto normalizeAlgorithm --- lib/internal/crypto/util.js | 16 ++++++++++------ lib/internal/crypto/webcrypto.js | 4 ++-- test/parallel/test-webcrypto-utils.js | 25 +++++++++++++++++++++++++ 3 files changed, 37 insertions(+), 8 deletions(-) create mode 100644 test/parallel/test-webcrypto-utils.js diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js index eafcc3d9669288..90eefa587f9ecd 100644 --- a/lib/internal/crypto/util.js +++ b/lib/internal/crypto/util.js @@ -206,35 +206,39 @@ function validateMaxBufferLength(data, name) { } } -function normalizeAlgorithm(algorithm, label = 'algorithm') { +function normalizeAlgorithm(algorithm) { if (algorithm != null) { if (typeof algorithm === 'string') algorithm = { name: algorithm }; if (typeof algorithm === 'object') { const { name } = algorithm; - let hash; if (typeof name !== 'string' || !ArrayPrototypeIncludes( kAlgorithmsKeys, StringPrototypeToLowerCase(name))) { throw lazyDOMException('Unrecognized name.', 'NotSupportedError'); } - if (algorithm.hash !== undefined) { - hash = normalizeAlgorithm(algorithm.hash, 'algorithm.hash'); + let { hash } = algorithm; + if (hash !== undefined) { + hash = normalizeAlgorithm(hash); if (!ArrayPrototypeIncludes(kHashTypes, hash.name)) throw lazyDOMException('Unrecognized name.', 'NotSupportedError'); } - return { + const normalized = { ...algorithm, name: kAlgorithms[StringPrototypeToLowerCase(name)], - hash, }; + if (hash) { + normalized.hash = hash; + } + return normalized; } } throw lazyDOMException('Unrecognized name.', 'NotSupportedError'); } + function hasAnyNotIn(set, checks) { for (const s of set) if (!ArrayPrototypeIncludes(checks, s)) diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js index 63dd03bd00e0f0..e5801ea52f0bc3 100644 --- a/lib/internal/crypto/webcrypto.js +++ b/lib/internal/crypto/webcrypto.js @@ -557,10 +557,10 @@ async function unwrapKey( extractable, keyUsages) { wrappedKey = getArrayBufferOrView(wrappedKey, 'wrappedKey'); - + unwrapAlgo = normalizeAlgorithm(unwrapAlgo); let keyData = await cipherOrWrap( kWebCryptoCipherDecrypt, - normalizeAlgorithm(unwrapAlgo), + unwrapAlgo, unwrappingKey, wrappedKey, 'unwrapKey'); diff --git a/test/parallel/test-webcrypto-utils.js b/test/parallel/test-webcrypto-utils.js new file mode 100644 index 00000000000000..3f9a8093905cf1 --- /dev/null +++ b/test/parallel/test-webcrypto-utils.js @@ -0,0 +1,25 @@ +// Flags: --expose-internals +'use strict'; + +const common = require('../common'); +if (!common.hasCrypto) + common.skip('missing crypto'); + +const assert = require('assert'); + +const { + normalizeAlgorithm, +} = require('internal/crypto/util'); + +{ + // Check that normalizeAlgorithm does not add an undefined hash property + assert.strictEqual('hash' in normalizeAlgorithm({ name: 'ECDH' }), false); + assert.strictEqual('hash' in normalizeAlgorithm('ECDH'), false); +} + +{ + // Check that normalizeAlgorithm does not mutate object inputs + const algorithm = { name: 'ECDH', hash: 'SHA-256' }; + assert.strictEqual(normalizeAlgorithm(algorithm) !== algorithm, true); + assert.deepStrictEqual(algorithm, { name: 'ECDH', hash: 'SHA-256' }); +} From 04e4cc868dc8ace3cb94346ded9ec0ae3a96a984 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sat, 2 Apr 2022 16:45:51 +0200 Subject: [PATCH 2/2] fixup! crypto: do not add undefined hash in webcrypto normalizeAlgorithm --- lib/internal/crypto/util.js | 1 - .../{test-webcrypto-utils.js => test-webcrypto-util.js} | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) rename test/parallel/{test-webcrypto-utils.js => test-webcrypto-util.js} (98%) diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js index 90eefa587f9ecd..9492409e3a6437 100644 --- a/lib/internal/crypto/util.js +++ b/lib/internal/crypto/util.js @@ -238,7 +238,6 @@ function normalizeAlgorithm(algorithm) { throw lazyDOMException('Unrecognized name.', 'NotSupportedError'); } - function hasAnyNotIn(set, checks) { for (const s of set) if (!ArrayPrototypeIncludes(checks, s)) diff --git a/test/parallel/test-webcrypto-utils.js b/test/parallel/test-webcrypto-util.js similarity index 98% rename from test/parallel/test-webcrypto-utils.js rename to test/parallel/test-webcrypto-util.js index 3f9a8093905cf1..4bb14a7f91494f 100644 --- a/test/parallel/test-webcrypto-utils.js +++ b/test/parallel/test-webcrypto-util.js @@ -12,13 +12,13 @@ const { } = require('internal/crypto/util'); { - // Check that normalizeAlgorithm does not add an undefined hash property + // Check that normalizeAlgorithm does not add an undefined hash property. assert.strictEqual('hash' in normalizeAlgorithm({ name: 'ECDH' }), false); assert.strictEqual('hash' in normalizeAlgorithm('ECDH'), false); } { - // Check that normalizeAlgorithm does not mutate object inputs + // Check that normalizeAlgorithm does not mutate object inputs. const algorithm = { name: 'ECDH', hash: 'SHA-256' }; assert.strictEqual(normalizeAlgorithm(algorithm) !== algorithm, true); assert.deepStrictEqual(algorithm, { name: 'ECDH', hash: 'SHA-256' });